Dailydave mailing list archives
Playing Ball
From: dave <dave () immunityinc com>
Date: Thu, 10 Sep 2009 13:56:11 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CANVAS release announcement: http://www.immunityinc.com/news-latest.shtml You can't have a penetration testing toolkit without a Windows rootkit. To that end, this month Immunity released HCN, the next generation of CANVAS Windows Kernel rootkits. People always underestimate how hard it is to write a rootkit. On one hand, it's like engineering. Specialized engineering, but engineering nonetheless. You aren't hunting down tiny gold nuggets the way you are with vulnerability finding and exploit development. But the testing is nightmarish. Writing a rootkit is like being able to stick a knife in someone, but in a way they can still play basketball afterwards. That's an expensive thing to do, and it's not something you do and then ever really call done. But the HCN Rootkit works across any Windows you care about, minus 64 bit for now. It can be set to call back to CANVAS, or simply used to hide another trojan of some kind. And in conclusion, commercially supported Windows rootkits are awesome. - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkqpPbsACgkQtehAhL0ghepi+wCff8gdryQAVq9U+T3X3/y4K48A 8CcAn30IKYWC7XftAb6idmuJTGsOApVa =E/MR -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Playing Ball dave (Sep 10)
- Re: Playing Ball Matthew Wollenweber (Sep 10)